{"report_id":"7b1a2c4e-cbe3-437a-8de5-c9b9bc89f10d","version":6,"status":"done","tags":[],"date":"2026-01-06T08:03:20Z","url":{"schema":"http","addr":"splendorous-shortbread-906449.netlify.app/","fqdn":"splendorous-shortbread-906449.netlify.app","domain":"splendorous-shortbread-906449.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"splendorous-shortbread-906449.netlify.app/","fqdn":"splendorous-shortbread-906449.netlify.app","domain":"splendorous-shortbread-906449.netlify.app","tld":"netlify.app"},"title":"Site not found","dom":{"size":3212,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2001)","md5":"8999db4f4bfde47edc562e4569146cc6","sha1":"5fe62e8a5b4985ffba9c0423ad35e6f283a3ce89","sha256":"c59873fdd447c5e9c6f11d20c6a5faefa2fa63394c33c27f4544f2dcb79872c5","sha512":"7657139f187fbf62d88e7bed8842123988567fe09ea6eca16b27d4f823e12f92f8b55369eb9683f67141c6c8f174f5919924ec7de31779b1113327ce0692589e","ssdeep":"","tlshash":"ca6151a9c41a203f6d97681f13a4ca4da0297507dd9257d8ffaa53acd2dbaf305c2438","dom_hash":"domhashcb73cfededad984076e524bf6c61df10","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"splendorous-shortbread-906449.netlify.app/","fqdn":"splendorous-shortbread-906449.netlify.app","domain":"splendorous-shortbread-906449.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-10T08:03:20Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-06T08:02:58Z","timestamp":1767686578,"ip_dst":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.51","port":38392,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing","source":"{\"timestamp\":\"2026-01-06T08:02:58.273961+0000\",\"flow_id\":553401195851850,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":38392,\"dest_ip\":\"63.176.8.218\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032760,\"rev\":1,\"signature\":\"ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2021_04_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2021_04_14\"]}},\"tls\":{\"sni\":\"splendorous-shortbread-906449.netlify.app\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3503,\"start\":\"2026-01-06T08:02:58.225354+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"splendorous-shortbread-906449.netlify.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"splendorous-shortbread-906449.netlify.app","ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2018-05-08","domain_rank":0,"first_seen":"2023-03-09T12:10:12Z","last_seen":"2023-07-06T13:01:06Z","alert_count":3,"request_count":3,"received_data":7216,"sent_data":1509,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"splendorous-shortbread-906449.netlify.app/","fqdn":"splendorous-shortbread-906449.netlify.app","domain":"splendorous-shortbread-906449.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-06T08:02:58.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.netlify.app","organization":"Netlify, Inc"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 31 Jan 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71","sha256":"FA:34:6A:A0:1C:F5:9C:C7:30:CA:55:23:13:A1:3E:0F:21:8C:3A:0B:B5:CC:E5:67:09:FE:64:EC:97:4E:8D:75"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: splendorous-shortbread-906449.netlify.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ndate: Tue, 06 Jan 2026 08:02:58 GMT\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-nf-request-id: 01KE95985GZJPK2QHN9YH7DG8J\r\ncontent-length: 3164\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":3164,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1984)","md5":"d033b64fb18a110755cea00b478b8f14","sha1":"ba214ffd536989518dcd1ef3681cd98fcfd51d10","sha256":"4489befdaebfdf4193ffaec71644937e5ee461c725ea95d23512074a5f17b4ac","sha512":"48546210ce284aaf1701046a20ed3d365638ed310c611fdf27122685c5cf2a12cb58d384f6704753a915b6743481fc9c1b5a1647e3b9b1af123230fbcd85a87e","ssdeep":"","tlshash":"1b5163a9c41a203f6d93681f13a48e4d60297503dc9147e8ffaa936cd6db6f305d2438","first_seen":"2026-01-06T08:03:21.386765Z","last_seen":"2026-01-06T08:03:21.386765Z","times_seen":1,"resource_available":false,"data":null}},"time_used":340,"timings":{"blocked":152,"dns":37,"connect":24,"send":0,"wait":33,"receive":0,"ssl":91},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"splendorous-shortbread-906449.netlify.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"splendorous-shortbread-906449.netlify.app/","fqdn":"splendorous-shortbread-906449.netlify.app","domain":"splendorous-shortbread-906449.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-06T08:02:58.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.netlify.app","organization":"Netlify, Inc"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 31 Jan 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71","sha256":"FA:34:6A:A0:1C:F5:9C:C7:30:CA:55:23:13:A1:3E:0F:21:8C:3A:0B:B5:CC:E5:67:09:FE:64:EC:97:4E:8D:75"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: splendorous-shortbread-906449.netlify.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ndate: Tue, 06 Jan 2026 08:02:58 GMT\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-nf-request-id: 01KE9598ACNDA73H4FCYT2D33Y\r\ncontent-length: 3164\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":3164,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1984)","md5":"acf1a4e54cac766d4bbe9cfb1f901faa","sha1":"7a29a417d487ed973ac1a7ecb5aafc18fdb8b773","sha256":"082e0fa8181a654f203618a0c7a951dea470414793e5656d8646353d2ef0c702","sha512":"9fbb18beec5adeac1e532b13f9db3eb1e0b9e9ef8e9e5e208ce605ae1f05d3edb3218b08f939478f4f9746b8e69ad36b251d12877ea919be1beb07fd74f2a490","ssdeep":"","tlshash":"4b5173adc41a203f6d97681f23a48e4d60297503dc9147e8ffaa936cd6db6f306d2438","first_seen":"2026-01-06T08:03:21.389393Z","last_seen":"2026-01-06T08:03:21.389393Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"splendorous-shortbread-906449.netlify.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"splendorous-shortbread-906449.netlify.app/favicon.ico","fqdn":"splendorous-shortbread-906449.netlify.app","domain":"splendorous-shortbread-906449.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://splendorous-shortbread-906449.netlify.app/","date":"2026-01-06T08:02:58.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.netlify.app","organization":"Netlify, Inc"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 31 Jan 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71","sha256":"FA:34:6A:A0:1C:F5:9C:C7:30:CA:55:23:13:A1:3E:0F:21:8C:3A:0B:B5:CC:E5:67:09:FE:64:EC:97:4E:8D:75"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: splendorous-shortbread-906449.netlify.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://splendorous-shortbread-906449.netlify.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, max-age=0\r\ncontent-type: text/plain; charset=utf-8\r\ndate: Tue, 06 Jan 2026 08:02:58 GMT\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-nf-request-id: 01KE9598E7YKY4Q8Q9HE9XB3V5\r\ncontent-length: 50\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":50,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"1abf968172123081e275d7d823c02c48","sha1":"12abc63206f6b410df7860ef9f3d17c6f27f91c2","sha256":"5056493da2293d3e37a0ea9c296392c0e38a72da05f59807f82aca9f6a1ae3bb","sha512":"6ad88abbcb69ad2c067d59beb9ac8ca00fe40a891b2a540eda15d2026edfc0eeeabaedd0f266610ecee16d64eb1bae5e4e1ca377f8d341135fc02fad21d89b81","ssdeep":"","tlshash":"cd90021625e5a558a1214715bd646502590522207960553750a1a0960995544c14508a","first_seen":"2026-01-06T08:03:21.391838Z","last_seen":"2026-01-06T08:03:21.391838Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"splendorous-shortbread-906449.netlify.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}